summaryrefslogtreecommitdiff
path: root/net-libs/libircclient/files/libircclient-1.10-openssl.patch
blob: b488f7f626c7d113c7b83edad8ccd9e05b02e1a6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
https://sourceforge.net/p/libircclient/code/141/
https://sourceforge.net/p/libircclient/code/142/

--- libircclient-1.10/src/ssl.c
+++ libircclient-1.10/src/ssl.c
@@ -114,26 +114,23 @@
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 #else
-	OPENSSL_init_ssl(0, NULL);
+	if ( OPENSSL_init_ssl(0, NULL) == 0 )
+	 return LIBIRC_ERR_SSL_INIT_FAILED;
 #endif 
 
 	if ( RAND_status() == 0 )
 		return LIBIRC_ERR_SSL_INIT_FAILED;
 
 	// Create an SSL context; currently a single context is used for all connections
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ssl_context = SSL_CTX_new( SSLv23_method() );
+#else
+	ssl_context = SSL_CTX_new( TLS_client_method() );
+#endif
 
 	if ( !ssl_context )
 		return LIBIRC_ERR_SSL_INIT_FAILED;
 
-	// Disable SSLv2 as it is unsecure
-	if ( (SSL_CTX_set_options( ssl_context, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2) == 0 )
-		return LIBIRC_ERR_SSL_INIT_FAILED;
-
-	// Enable only strong ciphers
-	if ( SSL_CTX_set_cipher_list( ssl_context, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" ) != 1 )
-		return LIBIRC_ERR_SSL_INIT_FAILED;
-
 	// Set the verification
 	if ( session->options & LIBIRC_OPTION_SSL_NO_VERIFY )
 		SSL_CTX_set_verify( ssl_context, SSL_VERIFY_NONE, 0 );